Blog Post

Microsoft Entra Blog
1 MIN READ

Removal of the 16-character limit for passwords in Azure AD

Alex_Simons's avatar
Alex_Simons
Icon for Microsoft rankMicrosoft
May 14, 2019

Howdy folks, 

 

Many of you have been reminding us that we still have a 16-character password limit for accounts created in Azure AD. While our on-premises Windows AD allows longer passwords and passphrases, we previously didn’t have support for this for cloud user accounts in Azure AD.  

 

Today, I am pleased to announce that we have changed this limit, allowing you to set a password with up to 256 characters, including spaces. You can see more details on password requirements in our password policy documentation. 

 

 

If you have questions or comments, please feel free to reach out to us on Azure AD UserVoice. 

 

Best regards, 

 

Alex Simons (Twitter: @Alex_A_Simons)

Vice President of Program Management

Microsoft Identity Division

Updated Aug 03, 2020
Version 9.0
Alex_Simons's avatar
Icon for Microsoft rankMicrosoft
Joined May 01, 2017
View Profile
Microsoft Entra Blog
Stay informed on how to secure access for employees, customers, and non-human identities, from anywhere, to multicloud and on-premises resources, with comprehensive identity and network access solutions powered by AI.

19 Comments

Sort By
Show More
  • Phcsmile's avatar
    Phcsmile
    Copper Contributor
    May 16, 2019

    When we try office365 (email) password information says maximum 16.

  • Eliza Kuzmenko's avatar
    Eliza Kuzmenko
    Former Employee
    May 16, 2019

    Reedtechno thanks for the comment, we are investigating the ability to set custom password lengths but we do not have an ETA for this feature at this time. 

  • Eliza Kuzmenko's avatar
    Eliza Kuzmenko
    Former Employee
    May 16, 2019

    Mike-E we have heard the feedback for removing the password character complexity requirement, there are multiple moving parts to this work but it is on the radar. 

  • Reedtechno's avatar
    Reedtechno
    Copper Contributor
    May 15, 2019

    Awesome to see improvement, but are we also gaining the ability to set minimum length?  It is common knowledge that a 8 character password is not a good idea.  And it goes against many organizations password policies making the selfservice tool almost useless unless you want to throw your policy out the window.  Additionally the ability to control complexity requirements is a must.  MS has been a pushing some of the newer nist standards on passwords but azure goes against the standard.  

  • Mike-E's avatar
    Mike-E
    Brass Contributor
    May 15, 2019

    Why are you still requiring symbols and numbers?  Isn't length THE determining factor on how difficult it is to crack a password?  Requiring symbols and numbers (and all that upper/lower jazz) seems old skool at best.

  • Pete Mahon's avatar
    Pete Mahon
    Copper Contributor
    May 15, 2019

    Thank you to you and your team for taking this feedback seriously. 

     

    Excellent response, bravo! 

  • sivey42's avatar
    sivey42
    Copper Contributor
    May 14, 2019
    https://account.activedirectory.windowsazure.com/ChangePassword.aspx still has validators limiting the password to 16 characters, will this page be fixed as well?